Methods and systems for controlling access to custom objects in a database
Abstract
In embodiments, methods and systems for controlling access to custom objects are provided. These techniques for controlling access to custom objects can enable embodiments to utilize a key for the protection of the security of data that is to remain private while not compromising efficiency of a query. The key for a requested custom object is identified and then used so that only an appropriate portion of a custom entity share table is searched to locate access information. It is then determined whether the user can access at least a portion of the custom object, and the appropriate and allowed data is sent to the user.
235 Citations
20 Claims
1. A method, comprising:
receiving, from a requester, a request for a custom object of a custom object type from a custom object share table of a database, and an identifier corresponding to the requester; and
performing, in a single access to the custom object share table, and responsive to the request;
identifying in the custom object share table a group and a tenant to which the identifier corresponding to the requester belongs,
determining, from one or more custom object types implicitly associated by the custom object share table with the group, whether the group has access to the custom object based on the custom object type of the custom object, and
accessing and returning the custom object from the custom object share table based on the tenant and the custom object type.

2. A system, comprising:
one or more processors coupled to memory storing computer instructions that, when executed on the one or more processors, implement actions including;
receiving, from a requester, a request for a custom object of a custom object type from a custom object share table of a database, and an identifier corresponding to the requester; and
performing, in a single access to the custom object share table, and responsive to the request;
identifying in the custom object share table a group and a tenant to which the identifier corresponding to the requester belongs,
determining, from one or more custom object types implicitly associated by the custom object share table with the group, whether the group has access to the custom object based on the custom object type of the custom object, and
accessing and returning the custom object from the custom object share table based on the tenant and the custom object type.

3. A non-transitory machine-readable storage medium storing a plurality of instructions for programming one or more processors, the one or more instructions, when executed on the processors, implementing actions including:
receiving, from a requester, a request for a custom object of a custom object type from a custom object share table of a database, and an identifier corresponding to the requester; and
performing, in a single access to the custom object share table, and responsive to the request;
identifying in the custom object share table a group and a tenant to which the identifier corresponding to the requester belongs,
determining, from one or more custom object types implicitly associated by the custom object share table with the group, whether the group has access to the custom object based on the custom object type of the custom object, and
accessing and returning the custom object from the custom object share table based on the tenant and the custom object type.

4. A computer-implemented method, comprising:
receiving, from a requester, a request for a custom object of a custom object type from a custom object share table of a database, and an identifier corresponding to the requester;
determining, for a first query plan, a first result size comprising a number of rows of the custom object share table filtered by the identifier corresponding to the requester, wherein the first query plan then filters on a property of the custom object;
determining, for a second query plan, a second result size comprising a number of rows of the custom object share table filtered on the property of the custom object, wherein the second query plan then filters by the identifier corresponding to the requester;
choosing, based upon the request, a resultant query plan between accessing the custom object share table from a user side of the custom object share table by the first query plan using the identifier corresponding to the requester when the first result size is smaller than the second result size, or from an object side of the custom object share table by the second query plan using the filter on the property of the custom object when the second result size is smaller than the first result size;
executing a query comprising the resultant query plan, wherein filtering by the identifier corresponding to the requester comprises identifying in the custom object share table a group to which the identifier corresponding to the requester belongs and determining whether the group has access to the custom object based on the custom object type of the custom object; and
responsive to the user request, returning the custom object from the custom object share table based on the group and the custom object type of the custom object.
Dependent claims: 5, 6, 7, 15, 16

8. A system including one or more processors coupled to memory storing computer instructions, which instructions, when executed on the one or more processors, implement actions comprising:
receiving, from a requester, a request for a custom object of a custom object type from a custom object share table of a database, and an identifier corresponding to the requester;
determining, for a first query plan, a first result size comprising a number of rows of the custom object share table filtered by the identifier corresponding to the requester, wherein the first query plan then filters on a property of the custom object;
determining, for a second query plan, a second result size comprising a number of rows of the custom object share table filtered on the property of the custom object, wherein the second query plan then filters by the identifier corresponding to the requester;
choosing, based upon the request, a resultant query plan between accessing the custom object share table from a user side of the custom object share table by the first query plan using the identifier corresponding to the requester when the first result size is smaller than the second result size, or from an object side of the custom object share table by the second query plan using the filter on the property of the custom object when the second result size is smaller than the first result size;
executing a query comprising the resultant query plan, wherein filtering by the identifier corresponding to the requester comprises identifying in the custom object share table a group to which the identifier corresponding to the requester belongs and determining whether the group has access to the custom object based on the custom object type of the custom object; and
responsive to the user request, returning the custom object from the custom object share table based on the group and the custom object type of the custom object.
Dependent claims: 9, 10, 11, 17, 18

12. A non-transitory computer readable storage medium impressed with computer program instructions, which instructions, when executed on one or more processors, implement a method comprising:
receiving, from a requester, a request for a custom object of a custom object type from a custom object share table of a database, and an identifier corresponding to the requester;
determining, for a first query plan, a first result size comprising a number of rows of the custom object share table filtered by the identifier corresponding to the requester, wherein the first query plan then filters on a property of the custom object;
determining, for a second query plan, a second result size comprising a number of rows of the custom object share table filtered on the property of the custom object, wherein the second query plan then filters by the identifier corresponding to the requester;
choosing, based upon the request, a resultant query plan between accessing the custom object share table from a user side of the custom object share table by the first query plan using the identifier corresponding to the requester when the first result size is smaller than the second result size, or from an object side of the custom object share table by the second query plan using the filter on the property of the custom object when the second result size is smaller than the first result size;
executing a query comprising the resultant query plan, wherein filtering by the identifier corresponding to the requester comprises identifying in the custom object share table a group to which the identifier corresponding to the requester belongs and determining whether the group has access to the custom object based on the custom object type of the custom object; and
responsive to the user request, returning the custom object from the custom object share table based on the group and the custom object type of the custom object.
Dependent claims: 13, 14, 19, 20
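
The plan choice recited in claims 4, 8 and 12, sketched as an added example that is not taken from the patent or from any product: the share table schema, column names, sample rows and the `fetch` helper are all hypothetical, and ties between the two result sizes (which the claims leave open) go to the user side. The point it shows is that whichever side drives the query, the requester filter still runs, so the object-side plan cannot return another tenant's rows.

```python
import sqlite3

# Constructed share table: each row grants one member, via a group in a tenant,
# access to one custom object of a given type. Column names are hypothetical.
ROWS = [
    ("t1", "sales", "alice", "Invoice", "inv-1", "open"),
    ("t1", "sales", "alice", "Invoice", "inv-2", "closed"),
    ("t1", "sales", "alice", "Ticket",  "tkt-1", "open"),
    ("t1", "sales", "bob",   "Invoice", "inv-1", "open"),
    ("t2", "ops",   "carol", "Invoice", "inv-9", "open"),
    ("t2", "ops",   "carol", "Invoice", "inv-8", "open"),
    ("t2", "ops",   "carol", "Invoice", "inv-7", "open"),
]

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE custom_share (tenant_id, group_id, member_id,"
               " object_type, object_id, status)")
    db.executemany("INSERT INTO custom_share VALUES (?,?,?,?,?,?)", ROWS)
    return db

def fetch(db, member_id, object_type, status, force_plan=None):
    """Return (plan, sorted [(tenant, group, object_id)]) visible to member_id."""
    def count(where, args):
        sql = "SELECT COUNT(*) FROM custom_share WHERE " + where
        return db.execute(sql, args).fetchone()[0]

    user_where, user_args = "member_id = ?", (member_id,)
    obj_where, obj_args = "object_type = ? AND status = ?", (object_type, status)
    user_size = count(user_where, user_args)   # first result size (user side)
    obj_size = count(obj_where, obj_args)      # second result size (object side)
    # Assumption: a tie is resolved in favour of the user side.
    plan = force_plan or ("user" if user_size <= obj_size else "object")
    where, args = (user_where, user_args) if plan == "user" else (obj_where, obj_args)
    driving = db.execute(
        "SELECT tenant_id, group_id, member_id, object_type, object_id, status"
        " FROM custom_share WHERE " + where, args).fetchall()
    # The remaining filter always runs, so the access predicate is never skipped.
    hits = [r for r in driving
            if r[2] == member_id and r[3] == object_type and r[5] == status]
    return plan, sorted((r[0], r[1], r[4]) for r in hits)
```
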
Specification